CVE-2017-5638 Struts Vulnerability for CA Spectrum 10.x

Article ID: 15850

Products

CA Spectrum

Issue/Introduction

Is CA Spectrum affected by Struts 2 Vulnerability CVE-2017-5638?

Environment

Release: SDBSFO99000-10.2-Spectrum-Device Based Suite-Server FOC
Component:

Resolution

CA Spectrum 10.2.1 and above ship with Struts 2.3.32, which is not vulnerable to this CVE.

However, previous versions are vulnerable.

There is no workaround for the release of Struts that CA ships with versions prior to 10.2.1.

CA strongly recommends that customers upgrade to 10.2.1 or above to obtain the fix for this vulnerability.

The vulnerability has been classified as a high threat / Critical.

Please see CVE details on Apache's documentation:

https://cwiki.apache.org/confluence/display/WW/S2-045

And NVD Details:

https://nvd.nist.gov/vuln/detail/CVE-2017-5638
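
To confirm which Struts release an installation actually carries, the following added example (not CA or Apache code) scans a directory for the Struts 2 core library and compares each copy with 2.3.32. It assumes the standard `struts2-core-<version>.jar` file name; the directory to scan is supplied by the operator.

```sh
#!/bin/sh
# Added example (not vendor code): report the Struts 2 core library version(s)
# found under a directory and compare them with 2.3.32, the release the
# article says ships with CA Spectrum 10.2.1 and above.
# Assumption: the library uses the standard struts2-core-<version>.jar name.

FIXED_PATCH=32   # third component of 2.3.32

# classify_version VERSION -> prints OLDER, FIXED or REVIEW
classify_version() {
    case "$1" in
        2.3.*) ;;                        # the release line the article covers
        *) echo REVIEW; return 0 ;;      # other lines: check S2-045 directly
    esac
    patch=${1#2.3.}                      # "24.1" from "2.3.24.1"
    patch=${patch%%[!0-9]*}              # keep the leading digits only: "24"
    if [ -z "$patch" ]; then
        echo REVIEW                      # no numeric third component
    elif [ "$patch" -lt "$FIXED_PATCH" ]; then
        echo OLDER                       # older than 2.3.32: plan the upgrade
    else
        echo FIXED                       # 2.3.32 or a later 2.3.x build
    fi
}

# scan_dir DIR -> one "STATUS VERSION PATH" line per jar found.
# Jars still packed inside an undeployed .war/.ear archive are not inspected.
scan_dir() {
    find "$1" -type f -name 'struts2-core-*.jar' 2>/dev/null | sort |
    while IFS= read -r jar; do
        ver=$(basename "$jar" .jar)
        ver=${ver#struts2-core-}
        printf '%s %s %s\n' "$(classify_version "$ver")" "$ver" "$jar"
    done
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    scan_dir "$1"
fi
```

Any line reported as `OLDER` means that copy predates 2.3.32; `REVIEW` means the version is outside the 2.3.x line and should be checked against the Apache S2-045 bulletin.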

Additional Information

CAPM and CAPC are also not affected by this vulnerability:

https://knowledge.broadcom.com/external/article?articleId=15869